|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
nscd poisoning?
From: Michael Loftis (mloftis
wgops.com)
Date: Thu Jun 12 2003 - 00:15:50 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I just experienced a very scary thing. An nscd instance on an
internal/mostly private machine picked up a bogus entry for localhost
matching the address 203.0.37.125 -- which the net admin there has
reversing to localhost. It seems to me we have a hacker with some sort of
new attack possibly?
The system is an RH7.3 base, with latest patches. As far as I know there
aren't any obvious vulns in the system here, and the information didn't
come from LDAP as the servers replication logs NEVER mentioned that
information, ever.
I know that there are some solutions to this (including editing
nsswitch.conf) but I wanted to know if anyone else has seen this? Replies
off-list or on-list (though I have a hard time following all the list
traffic...)
----------------------------------------------------------------------------
----------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]